Todd C. Miller
77f94f291a
sudo_digest_getlen: return size_t, and 0 on error instead of -1
...
This is an API change, sudo_digest_getlen_v1 remains for binary
compatibility.
2023-08-07 08:43:13 -06:00
Todd C. Miller
184e03b4a9
ERR_get_error() returns unsigned long, not int.
2023-08-07 08:05:00 -06:00
Todd C. Miller
861ed2b7d4
We now must pass "err" to SSL_get_error(), not "nread".
2023-08-07 07:59:58 -06:00
Todd C. Miller
d6d467b92e
Add implementation of SSL_read_ex/SSL_write_ex for those without.
2023-08-05 10:38:02 -06:00
Todd C. Miller
e6d14c95b6
Use SSL_read_ex() and SSL_write_ex() instead of SSL_read() and SSL_write().
2023-08-05 10:38:01 -06:00
Todd C. Miller
4f3786f70f
visudo: do not create a new file if the user made no changes
...
This prevents visudo from creating a new zero-length sudoers file
if the user exited the editor without making any changes. Files
created via a @include directive are preserved, even if empty, to
avoid a parse error. GitHub issue #294.
2023-07-27 11:23:25 -06:00
Todd C. Miller
14f1a12e2d
testsudoers: add -L, -l and -v tests
2023-07-26 13:59:33 -06:00
Todd C. Miller
d62d704e55
testsudoers: display when a password is required
2023-07-26 11:14:45 -06:00
Todd C. Miller
75256516bd
testsudoers: add -L, -l and -v options.
...
This makes it possible to test "sudo -l" and "sudo -v" using
testsudoers.
2023-07-26 10:37:52 -06:00
Todd C. Miller
538be58ac0
sudoers_lookup_pseudo: sync with sudoers_lookup_check
...
This makes sudoers_lookup_pseudo(), which is used for pseudo-commands
like "list" and "validate", a bit more like sudoers_lookup_check().
Time of day checks are performed, and callbacks are supported. We
cannot use the same code for regular commands and pseudo-commands
due to the "pwcheck == all" case.
2023-07-25 15:57:20 -06:00
Todd C. Miller
d486db46cf
Fix user warning message for "sudo -l command" when not allowed.
...
Reported by the sudo-rs project.
There was a missing space between "list" and the actual command.
This also changes the output to include the command as specified
by the user, not the path found in the path. Previously, if the
command did not exist it would not be included in the message.
2023-07-25 13:56:08 -06:00
Todd C. Miller
1a00423afd
Add free function for sudo Python module.
...
This reduces the amount of memory leaked on unload.
2023-07-25 09:33:03 -06:00
Todd C. Miller
09b9632699
Merge sudo_module_register_loghandler and sudo_module_set_default_loghandler.
...
We now create the LogHandler class for each interpreter in
python_plugin_init() instead of just once in sudo_module_init().
This fixes the crash seen in Py_EndInterpreter() with Python 3.12
and significantly reduces the number of leaked objects tracked by
MemorySanitizer.
2023-07-24 11:07:45 -06:00
Todd C. Miller
56b829f66b
sudo_module_register_conv_message: fix copy pasta in debug_decl
2023-07-24 10:47:15 -06:00
Todd C. Miller
0462a4ee8c
sudo_module_register_loghandler: clear sudo_type_LogHandler on error
...
Also add comments about PyModule_AddObject stealing a ref on success.
2023-07-22 08:33:04 -06:00
Todd C. Miller
b52c32f234
Use Py_XDECREF instead of manual NULL check + Py_DECREF
2023-07-22 08:32:17 -06:00
Todd C. Miller
4e6254fea2
Work around a crash with Python 3.12.
...
In sudo_module_set_default_loghandler() if we don't leak the reference
to py_loghandler we get a crash in Py_EndInterpreter() with Python
3.12. This probably indicates a reference counting bug elsewhere.
2023-07-21 12:20:18 -06:00
Todd C. Miller
91ea599459
Unbuffer stdout so we don't miss output during a crash.
2023-07-21 10:48:20 -06:00
Todd C. Miller
8c4cec148e
Use PyObject_CallNoArgs() where possible.
2023-07-21 10:47:28 -06:00
Todd C. Miller
ba5ef624f2
Make sudo_type_ConvMessage and sudo_type_LogHandler static.
...
They are not used outside their respective compilation units.
2023-07-21 10:46:16 -06:00
Todd C. Miller
432ac12128
Pass TEST_VERBOSE to all test programs.
2023-07-20 10:13:40 -06:00
Todd C. Miller
7499b2d274
All test programs should accept the -v option, even if it is ignored.
2023-07-20 10:10:05 -06:00
Todd C. Miller
e710f79420
Revert last change, wrong diff committed.
2023-07-20 07:49:17 -06:00
Todd C. Miller
a12dbfe909
We can rely on Py_FinalizeEx() to free sub-interpreters.
2023-07-19 09:16:51 -06:00
Todd C. Miller
2cb4835781
Adapt to changed formatting of a rejected result in Python 3.12
2023-07-20 07:46:28 -06:00
Todd C. Miller
adaba9c0f0
Remove trailing whitespace from test output.
2023-07-20 06:57:19 -06:00
Todd C. Miller
7a10cdc286
_python_plugin_new_interpreter switches to the new interpreter
...
No need to do PyThreadState_Swap in the caller.
2023-07-20 06:58:53 -06:00
Todd C. Miller
cc939297a1
Call PyImport_AppendInittab after pre-initialization.
...
Also remove redundant PyConfig settings.
2023-07-19 09:13:23 -06:00
Todd C. Miller
da60384ad8
Use Py_InitializeFromConfig() not Py_InitializeEx() for Python >= 3.8.
...
Avoids deprecation warnings on Python 3.12.
2023-07-18 20:18:38 -06:00
Todd C. Miller
fa66c16689
sudoers_check_common: MODE_PRESERVE_ENV is not valid with MODE_CHECK.
...
We should only check for MODE_PRESERVE_ENV when running a command.
2023-07-17 10:52:23 -06:00
Todd C. Miller
db704c22ec
runas_userlist_matches: fix matching a Runas_Spec with an empty runas user.
...
We should only match a rule with an empty runas user if a group was
specified on the command line (sudo -g) without a user (no -u option)
or the user specified their own name on the command line.
GitHub issue #290
2023-07-15 08:44:57 -06:00
Todd C. Miller
625653de08
sudo_term_raw: change the isig argument into a flags field
...
There are currently two flags: SUDO_TERM_ISIG (enable terminal signals)
and SUDO_TERM_OFLAG (preserve output flags).
2023-07-14 13:12:51 -06:00
Todd C. Miller
56828f6412
fmt_info_messages: don't include ttyname if it is NULL
...
The NULL check was commented out for testing but should have been
restored. Fixes a potential protocol error message from sudo_logsrvd.
2023-07-11 14:15:46 -06:00
Todd C. Miller
dc1a5d7b40
sudo_krb5_ccname_path: avoid gcc false positive for ccname being NULL
...
The callers all verify that they don't pass a NULL ccname so I'm
not sure how the compiler is getting confused (and why now?).
2023-07-10 15:21:31 -06:00
Todd C. Miller
d1625f9c83
Only allow the user to specify -D or -R for the special "*" value.
...
The sudoers file must now explicitly allow the user to specify a
directory (sudo -D) or chroot (sudo -R) by setting cwd or chroot
to "*". If a specific cwd or chroot value is set in sudoers, the
user may not use the -D or -R options, even if they match the value
in sudoers.
2023-07-10 14:30:40 -06:00
Todd C. Miller
cbcb1d2506
sudoers plugin: make more bit flags unsigned.
2023-07-10 11:06:23 -06:00
Todd C. Miller
9f7128fe83
parse_timeout: move overflow check to the correct location
...
It was not covering all cases in its original location.
Fixes oss-fuzz issue 60454 with fuzz_sudoers.
2023-07-08 10:16:35 -06:00
Rose
5d758264ab
Give every printf-like function restrict qualifiers
...
The format value has to be a string literal, every time.
Otherwise, you are not using these functions correctly. To reinforce this fact, I put restrict over every non-contrib example of this I could find.
2023-07-07 20:23:20 -04:00
Todd C. Miller
548e3e3125
testsudoers: avoid extern definitions where possible
2023-07-07 15:23:54 -06:00
Todd C. Miller
32f4b98f6b
sudo frontend: silence most -Wconversion warnings.
2023-07-07 15:07:04 -06:00
Todd C. Miller
0c85f10c80
python plugin: silence -Wconversion warnings.
2023-07-07 15:07:04 -06:00
Todd C. Miller
a38b714667
sudoers plugin: silence most -Wconversion warnings.
2023-07-07 15:07:04 -06:00
Todd C. Miller
0205f6fc75
sudoers_check_common: remove extraneous return statement.
2023-07-07 14:54:10 -06:00
Todd C. Miller
43e914a5d3
Copy, don't append group ID in fill_group() and fill_runas_group()
...
This only affects the case where a group ID cannot be resolved.
2023-07-05 11:49:07 -06:00
Todd C. Miller
2848dddd87
Rename print_usage() to display_usage()
2023-07-04 19:48:41 -06:00
Todd C. Miller
fd061e4d69
Include testsudoers_pwutil.h for testsudoers_pwutil.c prototypes.
2023-07-04 16:24:48 -06:00
Todd C. Miller
f1d9063477
Fix wrapping of libc getpwnam/getpwuid/getgrnam/getgrgid on NetBSD.
2023-07-04 14:14:07 -06:00
Rose
cbed9daa46
Fixed even more signedness and conversion issues
...
This should be the last of them.
2023-07-03 22:07:35 -04:00
Todd C. Miller
e95bd883d7
Promote length/size/offset in struct connection_buffer to size_t.
2023-07-03 17:02:24 -06:00
Todd C. Miller
56a431f7ea
Make sudo_pow2_roundup() operate on size_t.
2023-07-03 16:51:05 -06:00